Recent DDoS Attacks Highlight Need to Ramp Up IoT Security

A recent string of distributed denial-of-service (DDoS) attacks against a variety of Web sites, driven by hundreds of thousands of Internet-connected devices, highlights new vulnerabilities and the lack of security in the rapidly growing Internet of Things (IoT) industry, according to the Smart Card Alliance.

With an estimated 21 billion devices expected to be connected to the Internet by 2020, there is a critical need to ramp up the security of “things.” To do this, the alliance is advocating for the addition of embedded security in IoT devices.

The vulnerability exploited in the DDoS attacks is just one of the many potential threats prompting the group to recommend stronger security requirements in the design of IoT ecosystems. This includes how communications with IoT devices are authenticated, how access is controlled, how data is protected, how IoT devices are managed during their lifecycle, and how IoT device might impact other systems.

While there is no perfect solution and effective security must have many levels, for those systems that impact life safety or the functioning of critical infrastructure, the alliance thinks the addition of embedded security—which can be implemented using secure chip technology—is a necessity. This is the same technology now being used in GSM mobile devices, payment chip cards, secure identity tokens and e-passports.

“These recent attacks, one of which was more than four times the size of the largest reported attack last year, are comparable to the massive payments data breaches that have been in the spotlight over the past few years,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “This is just the latest example of the IoT vulnerabilities that exist today, demonstrating why the security of things is so critical.”